BE-2021-0001: Out-of-Bounds Read in ContextCapture Viewer
Bentley ID: BE-2021-0001
CVE ID: CVE-2021-34984, CVE-2021-34985
Severity: 3.3
CVSS v3.1: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Publication date: 2021-11-15
Revision date: 2021-11-15
Summary
A crafted OBJ file can force ContextCapture Viewer to read outside the boundaries of an allocated object. An attacker can leverage this with other vulnerabilities to execute arbitrary code.
Details
This was discovered by TrendMicro ZDI, ref ZDI-CAN-14784 and ZDI-CAN-14785. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture Viewer. User interaction is required to exploit this vulnerability since the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OBJ files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Affected Versions
Applications | Affected Versions | Mitigated Versions |
ContextCapture Viewer | <= 10.18.00.236 | >= 10.19.0.580 |
Recommended Mitigations
Update to the latest version of the product. Only open OBJ files coming from a trusted source.
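To find installations that still need the update, the version bounds from the Affected Versions table can be checked against a software inventory. The following is an added example, not Bentley's code; the host names and inventory are constructed, and builds that fall between the two listed bounds are reported as undetermined because the advisory does not list them.

```python
import re

# Bounds copied from the advisory's Affected Versions table.
LAST_AFFECTED = (10, 18, 0, 236)    # "<= 10.18.00.236"
FIRST_MITIGATED = (10, 19, 0, 580)  # ">= 10.19.0.580"


def parse_version(text):
    """Turn '10.18.00.236' into (10, 18, 0, 236); short versions are zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    parts = [int(p) for p in text.split(".")]  # int() drops leading zeros
    return tuple(parts + [0] * (4 - len(parts)))


def classify(version_text):
    """Return 'affected', 'mitigated' or 'undetermined' for one version."""
    version = parse_version(version_text)
    if version <= LAST_AFFECTED:
        return "affected"
    if version >= FIRST_MITIGATED:
        return "mitigated"
    return "undetermined"  # between the bounds: not listed in the advisory


def hosts_needing_update(inventory):
    """Map host -> status for every host not on a mitigated build."""
    result = {}
    for host, version_text in inventory.items():
        try:
            status = classify(version_text)
        except ValueError:
            status = "unparseable"  # flag for manual review, never skip
        if status != "mitigated":
            result[host] = status
    return result


# Constructed sample inventory (hypothetical host names and builds).
SAMPLE_INVENTORY = {
    "ws-survey-01": "10.18.00.236",
    "ws-survey-02": "10.17.0.39",
    "ws-gis-07": "10.19.0.580",
    "ws-gis-09": "10.19.0.100",
    "ws-lab-03": "unknown",
}
if __name__ == "__main__":
    for host, status in sorted(hosts_needing_update(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```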
Acknowledgement
Thanks to Francis Provencher {PRL} through the TrendMicro ZDI program.
Revision History
Date | Description |
2021-11-15 | First version of this advisory |